Network defense final
What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network?
Acceptable Use Policy
Which of the following sometimes displays a banner that notifies the user of its presence?
Adware
Which of the following is a possibility when you work as a security professional?
All are possibilities.
How can a nondisclosure agreement allay management fears about password discovery?
All of the above
Why have some judges dismissed charges for those accused of port scanning?
All of the above
Which of the following is a method of educating network users to minimize the damage and the frequency with which computers become infected?
All of the answer choices are methods of educating users to minimize the damage and the frequency with which computers become infected.
Why is a simple process like "dumpster diving" so effective when gathering information utilizing social engineering?
All of the choices are reasons why dumpster diving can be effective.
What skills does a security professional need to be successful?
Both knowledge of network and computer technology and the ability to communicate with management and IT personnel.
If using ping sweeps, which of the following should not be included?
Broadcast IP address
How do most attacks begin?
By gathering information from a company's website.
What acronym represents the U.S. Department of Justice branch that addresses computer crime?
CHIP
What IPv4 address class has the IP address 221.1.2.3?
Class C
Which class of IP addresses are reserved for multicast and experimental addressing?
Class D and Class E
Why is it important for a security tester to understand and be able to create scripts?
Creating a customized script can be a time-saving solution.
What area of a network is a major area of potential vulnerability because of the use of URLs?
DNS
What may occur when a broadcast address is mistaken as a valid host address?
Denial-of-service attack.
Prior to performing a zone transfer to see all host computers on the company network, what step should be completed?
Determine a company's primary DNS server.
Which of the following activities is not illegal?
Discovering passwords of company personnel when testing for vulnerabilities
What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted?
Electronic Communication Privacy Act
Which of the following statements about antivirus software is true?
Even with antivirus software, protecting an organization from malware attacks is difficult because new viruses, worms, and Trojans appear daily.
What is critical to remember when studying for a network security certification exam?
Following the laws and behaving ethically are more important than passing an exam.
What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses?
Fping
Which penetration model allows for an even distribution of time and resources along with a fairly comprehensive test?
Gray box
What type of general commands allow a security tester to pull information from a server using a web browser?
HTTP
Module 1 start. What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?
Hacking
What advanced port-scanning tool can allow a security tester to bypass filtering devices by injecting crafted or otherwise modified IP packets into a network?
Hping
Which of the following is not a method of protecting against network attacks?
Installing and updating malware
What type of physical security device can be used by both security professionals and attackers?
Keyloggers
What is a Class B IP address typically used for?
Large organizations and ISPs
Why might companies prefer black box testing over white box testing?
Many companies don't want a false sense of security.
Module 3 start. Which of the following statements about keyloggers is true?
Many keyloggers have built-in Wi-Fi so the stored keystrokes remotely without having to remove the device.
Module 6 start. What utility can be used for enumerating Windows OS's?
NBTscan
Which of the following is a free vulnerability assessment tool from Tenable that extendsNMAP capabilities by analyzing open ports and providing detailed vulnerability information?
Nessus Essentials
In the TCP/IP stack, what layer is concerned with physically moving bits across the network's medium?
Network
Which type of security is specifically concerned with computers or devices that are part of a network infrastructure?
Network security
Almost all of the tools available for footprinting are free and open source. What name is used to refer to these tools?
Open Source Intelligence (OSINT) tools
What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity?
Port
Module 5 start. Why is port scanning useful for hackers?
Port scanning helps hackers to answer questions about open ports and services by enabling them to quickly scan thousands of IP addresses.
Footprinting is also known by what term?
Reconnaissance
In a normal TCP session, the sender sends a packet to another computer with which of the following flags set?
SYN flag
What type of network attack relies on guessing a TCP header's initial sequence number, or ISN?
Session hijacking
Why are hackers able to bypass some security systems using IPv6?
Some router-filtering devices, firewalls, and intrusion detection systems (IDSs) are not configured to enable IPv6.
Which of the following statements about port scanning is true?
Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal.
Which of the following is an automated way to discover pages of a website by following links?
Spidering
What protocol is the most widely used and allows all computers on a network to communicate and function correctly?
TCP/IP
How can computer criminals use the Whois utility for their purposes?
The Whois utility is a commonly used tool for gathering IP address and domain information.
All of the following are good resources for finding more information about contracts for independent security consultants except one. Which is the exception?
The attorney of the company with which you will be contracting
Why should a company employ an ethical hacker?
The benefit of an ethical hacker discovering vulnerabilities outweighs the cost of paying for the penetration/security test services.
Why is it a challenge and concern for an ethical hacker to avoid breaking any laws?
The laws are constantly changing.
How do spyware and adware differ?
The main purpose of adware is to determine a user's purchasing habits, but spyware sends information, including confidential information, from the infected computer to the attacker.
In a Linux script, which of the lines is important because it identifies the file as a script?
#!/bin/sh
What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?
127 address
Module 2 start. In hexadecimal, what does the character E represent?
14
In binary, what is the largest number that can be represented by four low-order bits?
15
What is the decimal equivalent of the binary number 11000001?
193
Approximately how many IP addresses are allowed under IPv4?
4.3 billion
An individual wants to switch from using Hypertext Transfer Protocol (HTTP) to a more secure protocol. To which port are they most likely to switch?
443
What port does the Domain Name System, or DNS service use?
53
What is the largest digit in an octal number?
7
What is a SOA record?
A Start of Authority (SOA) record shows for which zones or IP addresses a DNS server is responsible.
Attackers typically use ACK scans to get past a firewall or other filtering device. How does the process of an ACK scan work to determine whether or not a filtering device is in place?
A filtering device looks for the SYN packet, the first packet in the three-way handshake. If the attacked port returns an RST packet, the packet filter was fooled, or there's no packet-filtering device.
During a NULL scan, no packet is received as a response. What is the most likely cause of no packet receipt?
The port is open.
Communication between two devices is not properly functioning. What is the most likely cause of the communication issues?
The protocols on each device differ.
Even though a security professional might think they are following the requirements set forth by the client who hired them to perform a security test, management may be dissatisfied. Which of the following is an example of an ethical hacking situation that might upset a manager?
The security testing reveals all the usernames and passwords of company personnel to the tester without the manager's prior consent.
If the low-order bit is turned on in a binary digit, what can be assumed?
The value is odd.
What does the acronym TCP represent?
Transmission Control Protocol
In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?
Transport
What type of malicious computer programs present themselves as useful computer programs or applications?
Trojan programs
Why is UDP widely used on the Internet?
UDP is widely used because of its speed.
What is a *nix system command that can be used to retrieve HTTP, HTTPS, and FTP files over the Internet?
Wget
Which utility is used to gather IP and domain information?
Whois
Which of the following statements about written contracts is true?
Written contracts are always a good business practice.
What type of port scan has the FIN, PSH, and URG flags set?
XMAS scan
What footprinting tool would be most helpful in determining network vulnerabilities?
Zed Attack Proxy
What utility can be used to intercept detailed information from a company's website?
Zed Attack Proxy
Which of the following would be a good candidate for a script?
a set of commands repeatedly used to perform the same task
With which type of laws should a penetration tester or student learning hacking techniques be familiar?
all of the above
Protecting an organization from malware attacks is difficult because new viruses, worms, and Trojans appear daily. What can mitigate some of these risks by detecting many malware programs?
antivirus software
Which of the following physical security options avoids the issue of combination or key sharing?
biometric devices
What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted?
black box
In Unix and Linux systems, what command allows you to alter the permissions of files and directories?
chmod
Which of the following refers to an information gathering technique used to discover as much information as legally possible about competition?
competitive intelligence
Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?
create a contractual agreement
SNMPWalk is a tool useful in enumerating hosts running SNMP with what type of configuration?
default
Which statement is where the script performs its main task?
do
What is the passive process of finding information on a company's network called?
footprinting
Which term best describes malicious programmatic behaviors of known viruses that antivirus software companies compare to every file on a computer?
heuristics
An attacker manipulates messages between two parties in order to have one party send money to the attacker's account instead of the other party's account. What type of attack is occurring?
man-in-the-middle
To see additional parameters that can be used with the Netcat command, what should you type at the command prompt?
nc -h
Module 4 start. Which type of social engineering attack attempts to discover personal information through the use of email?
phishing
When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?
ping sweep
A security tester needs to extract information from a network. What information cannot be gathered using enumeration?
purchasing habits of all users on the network
One method of gathering information when footprinting a network is through the Domain Name System (DNS). What is the responsibility of DNS?
resolving hostnames to IP addresses and vice versa
Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing?
scripts
Which technique can be used to read PINs entered at ATMs or at other areas when a pin code is entered?
shoulder surfing
Which term best describes a hash or code pattern that antivirus software companies use to compare known viruses to every file on a computer?
signatures
Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks. Which of the following attacks are more difficult to detect?
stealth
What type of malicious program needs a host to propagate and can replicate itself through an executable program attached to an email?
virus
What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?
white box
Which process enables you to see all the host computers on a network and a large portion of an organization's network?
zone transfers
